I noticed that the following code sets the RID of 3 as the default administrator role:
http://cgit.drupalcode.org/panopoly_admin/tree/panopoly_admin.strongarm.inc
This is fine, assuming you have a RID of 3 AND that role is truly an admin. If you don't meet either criterion, then you are giving non-admins permissions they shouldn't have, such as:
I recommend we either disable this option (set the strongarm value to '0') or we make it a default config that can be changed later. If we disable this option, then the onus for setting appropriate permissions is on the distribution developers. What are your thoughts? I'll be happy to work on a patch with whichever option we choose.
Comment | File | Size | Author |
---|---|---|---|
#5 | default_admin_role-2637004-5.patch | 1.62 KB | humansky |
Comments
Comment #2
humansky
Comment #3
humansky
Fixed screenshot link
Comment #4
dsnopek
Thanks for creating this issue!
Yeah, I think we probably shouldn't put this in strongarm or defaultconfig at all. We should either set this during installation if the user is installing the Panopoly profile, or maybe in a `hook_install()` for this module and actually look for a role named "administrator" rather than assuming the 'rid' which is definitely dangerous...
Comment #5
humansky
Added a patch to address this issue
Comment #6
humansky
Comment #7
dsnopek
This patch looks awesome! I just need to test it once and then I'll commit it.
Comment #9
dsnopek
This worked in manual testing with a new install! Committed. :-)
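The lookup-by-name approach suggested in Comment #4, sketched as an added example; it is not the patch committed in this issue. It assumes a bootstrapped Drupal 7 site, uses `mymodule` as a placeholder module name, and relies on Drupal 7 core's `user_admin_role` variable for the administrator role setting.

```php
<?php

/**
 * Resolves the rid of the role named "administrator", or 0 if none exists.
 *
 * Hypothetical helper for illustration; not part of panopoly_admin.
 */
function mymodule_find_admin_rid() {
  // Look the role up by name instead of assuming it has rid 3.
  $role = user_role_load_by_name('administrator');
  if (!$role) {
    return 0;
  }
  // Never treat the built-in anonymous/authenticated roles as admin.
  $builtin = array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID);
  return in_array($role->rid, $builtin) ? 0 : (int) $role->rid;
}

/**
 * Implements hook_install().
 */
function mymodule_install() {
  // Respect a choice the site has already made; 0 means "disabled".
  if (variable_get('user_admin_role', 0)) {
    return;
  }
  $rid = mymodule_find_admin_rid();
  if ($rid) {
    variable_set('user_admin_role', $rid);
  }
  else {
    // No role with that name: leave the setting disabled rather than
    // pointing it at whatever role happens to hold a guessed rid.
    watchdog('mymodule', 'No "administrator" role found; user_admin_role left unset.', array(), WATCHDOG_NOTICE);
  }
}
```

On a site where rid 3 belongs to a non-admin role, this leaves `user_admin_role` at 0, so newly enabled modules do not grant their permissions to that role automatically.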